Compliance

Technical safeguards for HIPAA at the administrative level.

By Veriato Team

This is the 3rd post in a 3-part series on HIPAA data security. Here we discuss ways Veriato can help organizations reduce the cost associated with HIPAA compliance reporting while increasing data security.

Requirement 164.308

Administrative Safeguards

Veriato acts as a core part of your implementation and maintenance of security measures and administrative safeguards to protect patient data, specifically around monitoring and reviewing the conduct of your workforce in relation to the protection of patient data.

Below are some examples of how Veriato can assist in addressing some of HIPAA’s Administrative

  • Risk Analysis (Required) § 164.308(a)(1)(ii)(A) – Veriato’s visibility into how users access, interact with, and use patient data can be utilized to assess the confidentiality, integrity, and availability of patient data, regardless of application used.
  • Information System Activity Review (Required) § 164.308(a)(1)(ii)(D) – By providing per-user activity detail and reporting, Veriato supplies the most comprehensive and contextual activity review possible, showing when patient data is accessed, as well as the actions performed before and after the access in question.
  • Log-in Monitoring (Addressable) § 164.308(a)(5)(ii)(C) – Veriato facilitates the monitoring of and reporting on log-ins which can be used to identify suspect activity.
  • Response and Reporting (Required) § 164.308(a)(6)(ii) – In cases where the suspected or known security incident involves a user’s application-based interaction with patient data, Veriato provides the activity detail necessary to document the security incident and outcome in almost.

Requirement 164.312

Technical Safeguards

Veriato’s advanced user activity monitoring and behavior analysis technology can be leveraged to define advanced policies and procedures designed to ensure patient data remains protected, giving you HIPAA technical safeguards at the highest level.

Below are some examples of how Veriato can assist in addressing some of HIPAA’s Technical Safeguards:

  • Audit Controls (Required) § 164.312(b) – Veriato not only empowers security teams to record and examine user activity within systems containing protected patient data, but also within any other application, providing unmatched visibility into actions taken around patient data access.
  • Mechanism to Authenticate Electronic Protected Health Information (Addressable) § 164.312(c)(2) – Because Veriato records and can play back all user activity involving protected patient data, it provides the ability to demonstrate that patient data has not been altered or destroyed in an unauthorized manner.

Requirement 164.414

Administrative Requirements & Burden of Proof

In an organization’s time of need, when demonstrating either HIPAA compliance – or the lack thereof – is necessary, the determining factor will ultimately be the answer to the question “Was patient data improperly used?”. This will require an ability to review the exact actions taken by one or more users, both within and outside of an EHR application.

Below are some examples of how Veriato can assist in addressing this HIPAA requirement:

  • Administrative Requirements § 164.414(a) – Veriato’s ability to record, play back, and report on detailed user activity can help demonstrate compliance with the Safeguards portion of the Administrative Requirements § 164.530(c).
  • Burden of Proof § 164.414(b) – In the event of a suspected breach, Veriato uniquely facilitates the playback of specific user activity to either demonstrate the lack of a breach, or to help define the scope of one.

Requirement 160.308

Compliance Reviews

Whether as part of a suspected violation or other circumstances, compliance reviews of administrative provisions around appropriate access to, and usage of, patient data can be simplified by demonstrating enforcement of policies and procedures through Veriato’s activity reports and activity playback.
